1. What Is An Externally Authenticated User?

When an Oracle user is authenticated externally, it simply means that the database will not authenticate the user with a password.The authentication of the user is happening outside of the database by either the operating system, Kerberos or Radius. For the last two, the Advanced Security Option is required, and it is out of the scope of today’s post.An externally authenticated user can connect to the database without specifying a username and a password. In this case, the database relies on the underlying operating system to authenticate the user.

2. Setup Externally Authenticated Users In Non-Multitenant Database.

Setting up an externally authenticated user in a non-multitenant database, is the same as in the pre 12c versions.

If you want the operating system to authenticate the user, you will need to set the following parameter:OS_AUTHENT_PREFIX. This parameter defines a prefix, that will be used in naming externally authenticated users.

The parameter’s default value is OPS$, but you can set it to what value suits you.

The following rules also apply:

username must be enclosed in double quotes

username must be in UPPERCASE (Windows only)

username must be in the format of DOMAIN_NAME\USERNAME (Windows only)

username might be case sensitive on certain OS

Let’s look at an example in Unix, for creating an externally authenticated database user for the OS user drobete (lowercase):

-- the user that is logged on to the server is DBAPARADISE\DROBETE, -- where DBAPARADISE is the domain name.

sqlplus /Connected.SQL> show userUSER is "OPS$DBAPARADISE\DROBETE"

3. Setup Externally Authenticated Users In Multitenant Database.

The process is similar in a multitenant environment, with only one difference.

The OS_AUTHENT_PREFIX must match COMMON_USER_PREFIX (default value C##). Depending on the version of Oracle, in 12.1.0.1 it was not possible to change the prefix for common users,however starting with 12.1.0.2 you are able to set this prefix to any value. Source: How To Use OS External Authentication In A Container Database (Doc ID 2042219.1)